Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.0721
SUSE Enterprise 11 SP3 kernel updated for Meltdown (improved
retpoline fix), others
13 March 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-1000004 CVE-2018-5333 CVE-2018-5332
CVE-2017-18079 CVE-2017-18017 CVE-2017-17741
CVE-2017-13215 CVE-2017-5715
Reference: ASB-2018.0002.4
ESB-2018.0577
ESB-2018.0042.2
Original Bulletin:
https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0660-1
Rating: important
References: #1012382 #1054305 #1060279 #1068032 #1068984
#1070781 #1073311 #1074488 #1074621 #1075091
#1075410 #1075617 #1075621 #1075908 #1075994
#1076017 #1076154 #1076278 #1076849 #1077406
#1077560 #1077922
Cross-References: CVE-2017-13215 CVE-2017-17741 CVE-2017-18017
CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004
CVE-2018-5332 CVE-2018-5333
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that solves 8 vulnerabilities and has 14 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure of information to an attacker with local user access via a
side-channel analysis (bnc#1068032).
The previous fix using CPU Microcode has been complemented by building
the Linux Kernel with return trampolines aka "retpolines".
- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
did not validate a value that is used during DMA page allocation,
leading to a heap-based out-of-bounds write (related to the
rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
net/rds/rdma.c mishandled cases where page pinning fails or an invalid
address is supplied, leading to an rds_atomic_free_op NULL pointer
dereference (bnc#1075617).
- CVE-2017-18017: The tcpmss_mangle_packet function in
net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
to cause a denial of service (use-after-free and memory corruption) or
possibly have unspecified other impact by leveraging the presence of
xt_TCPMSS in an iptables action (bnc#1074488).
- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
attackers to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact because the
port->exists value can change after it is validated (bnc#1077922).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed
attackers to obtain potentially sensitive information from kernel
memory, aka a write_mmio stack-based out-of-bounds read, related to
arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
- CVE-2017-13215: A elevation of privilege vulnerability in the Upstream
kernel skcipher. (bnc#1075908).
- CVE-2018-1000004: In the Linux kernel a race condition vulnerability
exists in the sound system, this can lead to a deadlock and denial of
service condition (bnc#1076017).
The following non-security bugs were fixed:
- cdc-acm: apply quirk for card reader (bsc#1060279).
- Enable CPU vulnerabilities reporting via sysfs
- fork: clear thread stack upon allocation (bsc#1077560).
- kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
bsc#1068032).
- Move kABI fixup for retpolines to proper place.
- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
LTC#163741).
- storvsc: do not assume SG list is continuous when doing bounce buffers
(bsc#1075410).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- x86/acpi: Handle SCI interrupts above legacy space gracefully
(bsc#1068984).
- x86/acpi: Reduce code duplication in mp_override_legacy_irq()
(bsc#1068984).
- x86/boot: Fix early command-line parsing when matching at end
(bsc#1068032).
- x86/cpu: Factor out application of forced CPU caps (bsc#1075994
bsc#1075091).
- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- x86/kaiser: Populate shadow PGD with NX bit only if supported by
platform (bsc#1076154 bsc#1076278).
- x86/kaiser: use trampoline stack for kernel entry.
- x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
- x86/microcode/intel: Extend BDW late-loading further with LLC size check
(bsc#1054305).
- x86/microcode/intel: Extend BDW late-loading with a revision check
(bsc#1054305).
- x86/microcode: Rescan feature flags upon late loading (bsc#1075994
bsc#1075091).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
(bsc#1068032).
- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
(bsc#1075994 bsc#1075091).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-kernel-20180212-13505=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-20180212-13505=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-kernel-20180212-13505=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-kernel-20180212-13505=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
kernel-default-3.0.101-0.47.106.19.1
kernel-default-base-3.0.101-0.47.106.19.1
kernel-default-devel-3.0.101-0.47.106.19.1
kernel-source-3.0.101-0.47.106.19.1
kernel-syms-3.0.101-0.47.106.19.1
kernel-trace-3.0.101-0.47.106.19.1
kernel-trace-base-3.0.101-0.47.106.19.1
kernel-trace-devel-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
kernel-ec2-3.0.101-0.47.106.19.1
kernel-ec2-base-3.0.101-0.47.106.19.1
kernel-ec2-devel-3.0.101-0.47.106.19.1
kernel-xen-3.0.101-0.47.106.19.1
kernel-xen-base-3.0.101-0.47.106.19.1
kernel-xen-devel-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
kernel-bigsmp-3.0.101-0.47.106.19.1
kernel-bigsmp-base-3.0.101-0.47.106.19.1
kernel-bigsmp-devel-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
kernel-default-man-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
kernel-pae-3.0.101-0.47.106.19.1
kernel-pae-base-3.0.101-0.47.106.19.1
kernel-pae-devel-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-bigsmp-extra-3.0.101-0.47.106.19.1
kernel-trace-extra-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
kernel-default-3.0.101-0.47.106.19.1
kernel-default-base-3.0.101-0.47.106.19.1
kernel-default-devel-3.0.101-0.47.106.19.1
kernel-ec2-3.0.101-0.47.106.19.1
kernel-ec2-base-3.0.101-0.47.106.19.1
kernel-ec2-devel-3.0.101-0.47.106.19.1
kernel-pae-3.0.101-0.47.106.19.1
kernel-pae-base-3.0.101-0.47.106.19.1
kernel-pae-devel-3.0.101-0.47.106.19.1
kernel-source-3.0.101-0.47.106.19.1
kernel-syms-3.0.101-0.47.106.19.1
kernel-trace-3.0.101-0.47.106.19.1
kernel-trace-base-3.0.101-0.47.106.19.1
kernel-trace-devel-3.0.101-0.47.106.19.1
kernel-xen-3.0.101-0.47.106.19.1
kernel-xen-base-3.0.101-0.47.106.19.1
kernel-xen-devel-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
kernel-default-debuginfo-3.0.101-0.47.106.19.1
kernel-default-debugsource-3.0.101-0.47.106.19.1
kernel-trace-debuginfo-3.0.101-0.47.106.19.1
kernel-trace-debugsource-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-0.47.106.19.1
kernel-ec2-debugsource-3.0.101-0.47.106.19.1
kernel-xen-debuginfo-3.0.101-0.47.106.19.1
kernel-xen-debugsource-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
kernel-bigsmp-debuginfo-3.0.101-0.47.106.19.1
kernel-bigsmp-debugsource-3.0.101-0.47.106.19.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
kernel-pae-debuginfo-3.0.101-0.47.106.19.1
kernel-pae-debugsource-3.0.101-0.47.106.19.1
References:
https://www.suse.com/security/cve/CVE-2017-13215.html
https://www.suse.com/security/cve/CVE-2017-17741.html
https://www.suse.com/security/cve/CVE-2017-18017.html
https://www.suse.com/security/cve/CVE-2017-18079.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-1000004.html
https://www.suse.com/security/cve/CVE-2018-5332.html
https://www.suse.com/security/cve/CVE-2018-5333.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1054305
https://bugzilla.suse.com/1060279
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068984
https://bugzilla.suse.com/1070781
https://bugzilla.suse.com/1073311
https://bugzilla.suse.com/1074488
https://bugzilla.suse.com/1074621
https://bugzilla.suse.com/1075091
https://bugzilla.suse.com/1075410
https://bugzilla.suse.com/1075617
https://bugzilla.suse.com/1075621
https://bugzilla.suse.com/1075908
https://bugzilla.suse.com/1075994
https://bugzilla.suse.com/1076017
https://bugzilla.suse.com/1076154
https://bugzilla.suse.com/1076278
https://bugzilla.suse.com/1076849
https://bugzilla.suse.com/1077406
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077922
- --
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWqcT0Ix+lLeg9Ub1AQh51BAAnOspFoGYJj2uVlJnkt6Ucl+dKt68UL+F
uUfCSJC7nQrEpGjU7wd8CikS8ciXURaT5t8AHsZSdF2VakvCKrhlx6CuczB3MqZp
cctsqutxyFOgPP0rmND8NQMuEnKXdwQSP4wSIdipho9CGfg8g7zdbmHeGy1J67C3
Qopl0AEYzd/wkLML6NZlsNtxr6+67la/6H6wrc5l+zwszKcnq4HLQkiRx6Z9GCaI
EyyTpQgPZqbJPN1ny4AgLoxYU/2bXnv3MEal+ycgvo9BsmyshkADLqS4cyQzbsK4
kMUPM6qaUqd8pCkMGdN0LVomiHc5nEWFPjb2Whbr6t7oAJTyADLuIwqiwuwmtO+u
5ee3T6fs6H61llVZTbjatHHLRsjUYb5bpXxoT2jwwPtJgDAbf2jStilqtRb7bSNo
j727kIRy1Pv09FwFshHQaWI3z03DX43pRKUFP9gvNrJM2qOmYx1qy6j0D8OVzVAW
EFRcjNKV/pzs1SR7eINqEBWJaKVTZIoMEUJjcJkjIgwU7OjeyjoNO6h4ScnIAG6/
SeSIR0MgN12Dnwg3Hi0B8gvEe/mkIOwwtmUinJ2L2PKxGvTjPARiV5SKRdOBbrkD
IAp+t7LDO8+onyMtTLi72mAxH0eC+tZ9ONU7v1NBI+W/rz2+h8W2l6aIEdmelrG/
e/D8MG8sia8=
=sZic
-----END PGP SIGNATURE-----